From owner-freebsd-security  Wed Jul 22 01:34:15 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA10662
          for freebsd-security-outgoing; Wed, 22 Jul 1998 01:34:15 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns0.fast.net.uk (ns0.fast.net.uk [194.207.104.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA10559
          for <security@FreeBSD.ORG>; Wed, 22 Jul 1998 01:33:40 -0700 (PDT)
          (envelope-from netadmin@fastnet.co.uk)
Received: from bofh.fast.net.uk (bofh.fast.net.uk [194.207.104.22])
	by ns0.fast.net.uk (8.9.0/8.8.7) with ESMTP id JAA03160;
	Wed, 22 Jul 1998 09:33:14 +0100 (BST)
Received: from localhost (localhost [127.0.0.1])
	by bofh.fast.net.uk (8.8.8/8.8.5) with SMTP id JAA02003;
	Wed, 22 Jul 1998 09:33:15 +0100 (BST)
Date: Wed, 22 Jul 1998 09:33:15 +0100 (BST)
From: Jay Tribick <netadmin@fastnet.co.uk>
X-Sender: netadmin@bofh.fast.net.uk
To: John Fieber <jfieber@indiana.edu>
cc: Brett Glass <brett@lariat.org>, security@FreeBSD.ORG
Subject: Re: Projects to improve security (related to C) 
In-Reply-To: <Pine.BSF.3.96.980721235902.25546M-100000@fallout.campusview.indiana.edu>
Message-ID: <Pine.BSF.3.96.980722093203.1949L-100000@bofh.fast.net.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


| > be some positive decisions made and action taken. Clearly, we've
| > seen some problems that need fixing; the worst thing that can happen
| > is that people will do nothing. Constructive suggestions?
| 
| If you want an automagic patching system and you think it will
| be a "marketable" product, the standard next step is to build a
| proof-of-concept prototype for some marketing tests.
| 
| It seems such a system would need three componets.
| 
|   * A mechanism for manufacturing and packaging and labeling band-aids[1]
|   * A band-aid delivery service
|   * A mechanism for safely applying the band-aids
| 
| I personally think the scheme would be most marketable if the
| last stage had a "let me look at it first" mode in addition to an
| automagic mode.

I agree with this, I also think we should have versions that are
a full source code distribution of the patch - in case we can't
apply it cleanly over existing source or if we've 'hacked' at
our the source already.

Regards,

Jay Tribick
--
[| Network Administrator | FastNet International | http://fast.net.uk/ |]
[|        Finger netadmin@fastnet.co.uk for contact information        |]
[| T: +44 (0)1273 677633 F: +44 (0)1273 621631 e: netadmin@fast.net.uk |]



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message